Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Do You Monitor Documents?

Posted by samzenpus on from the protect-yourself-at-all-times dept.

JumpDrive writes "I have been presented with a problem recently, which I know others have probably faced. During the last month, one of our customers accused us of providing another customer with their specification. So the question arose: how do we, or can we trace documents and find if they are being opened or used somewhere where they weren't intended. We don't want to be restrictive, because at times, we have people all over the place, but if one of our documents were opened in a foreign country, that would arouse suspicions. Most of our documents are made with MS office suite, and I have been thinking of working on a macro to ping a server, but that would require the user to enable the macros, and it would also require the insertion into about 1000 documents. But it's been difficult for me to find a solution that doesn't prevent someone in Omaha from opening a document for legitimate use and is not a solution that can easily be disabled or hacked around."

7 of 237 comments (clear)

  1. Microsoft Rights Management Server? by Richard_at_work · · Score: 5, Informative

    See topic - MS do something which seems to be essentially *exactly* what you want, and since you are using MS Office, I would suggest giving it a try.

    http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

  2. Active Directory Rights Management Services by lukas84 · · Score: 5, Informative

    The best solution to your problem probably would be using Microsoft's AD RMS.

    http://technet.microsoft.com/en-us/library/cc753531.aspx

    AD RMS provides you with the ability to control licensing, opening, printing, etc. of documents. This will provide you with the audit trail you migh tneed.

    Of course, you can still photograph every screen while scrolling through the pages, so it's essentially worthless in practice, but it might satisfy your customers demands for proper paperworks.

    Yep, implementing AD RMS will be a heck a lot of work, and you'll surely need to adjust your internal processes in order to incorporate AD RMS.

    What you're planning on doing is DRM: Which is, as all Slashdot readers know, impossible with a properly determined person. And in your case (industrial espionage), there are better people working on it than a few hackers that try cracking Blue-Ray in their spare time.

    1. Re:Active Directory Rights Management Services by morgan_greywolf · · Score: 5, Funny

      Can this solution be used without an Active Directory environment?

      No. AD RMS, as the name implies, requires an Active Directory implementation. Microsoft is all about doing it one way -- The Microsoft Way. You obviously require re-education. Quick. Send in the consultants!

      --
      My blog
  3. With a cabinet by AdamInParadise · · Score: 5, Funny

    I keep my sensitive documents in a locked cabinet. Never had an issue with a document opening itself in a foreign country.

    --
    Nobox: Only simple products.
  4. Re:Document control by Kneo24 · · Score: 5, Insightful

    You have completely missed the point of Ask Slashdot. It's just not about doing a 5 minute search and randomly choosing one. The reason people ask this group questions like this is because they want more detailed information from people who have hopefully had hands on experience doing these things. What worked? What didn't? Why did it, or did not work? How was implemented? You may not be able to find that kind of information easily even if you know what to search for. And once you have that information, there are other people to give their insights on what that persons stories. It has the potential to be one big chain of helpfulness.

    Sure, it's a cheap and lazy way of getting someone else to do some of your work for you, but it's not generally a bad thing. I know if I was completely clueless about some tech related problem, I'd probably ask here. Wouldn't you?

  5. You can't by markdavis · · Score: 5, Insightful

    That is the simple answer.

    If you want to give something to someone, you can't control what they do with it. That is like saying "I want to give this hammer to a friend, but I want to prevent them from loaning it to someone else, or using it to smash computers with."

    If you don't trust the person that you give something, then the chain of trust is broken. Everything we do is based on trust. I trust if I give you an emergency key to my house that you won't rob me. I trust that when I accept cash from you to pay for a service that it isn't counterfeit. I trust when you sign a contract with me, you will live up to your duties in the contract. I trust when you babysit my children you won't rape them. You pretty much asked for exactly what the whole point (and failure) of DRM is all about- trying to FORCE *everyone* to trust and comply with your wishes. You can't. Welcome to humanity.

  6. Other Options by Anonymous Coward · · Score: 5, Informative

    EMC IRM (Formerly Authentica (yes, there is a typo in the summary))

    Oracle IRM (Formerly SealedMedia)

    Liquid Machines

    Adobe LifeCycle Rights Management